Merge tag '0.7.0'

Releasing 0.7.0
author: Micah Anderson <micah@leap.se> 2015-06-11 12:10:09 -0400
committer: Micah Anderson <micah@leap.se> 2015-06-11 12:10:09 -0400
commit: b429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch)
tree: 37efc30a4fcb642dec583c3accea76f7a7de9c39 /provider_base
parent: 67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff)
parent: d9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff)
6 files changed, 55 insertions, 23 deletions
diff --git a/provider_base/common.json b/provider_base/common.json
index 649db0d9..c7be5cf4 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -29,8 +29,8 @@
     "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
     "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
     "ca_cert": "= try_file :ca_cert",
-    "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
-    "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+    "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
+    "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
     "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
   },
   "service_type": "internal_service",
@@ -50,5 +50,37 @@
   "platform": {
     "version": "= Leap::Platform.version.to_s",
     "major_version": "= Leap::Platform.major_version"
+  },
+  "sources": {
+    "apt": {
+      "basic": "http://httpredir.debian.org/debian/",
+      "security": "http://security.debian.org/",
+      "backports": "http://httpredir.debian.org/debian/"
+    },
+    "leap-mx": {
+      "type": "apt",
+      "package": "leap-mx",
+      "revision": "latest"
+    },
+    "nickserver": {
+      "type": "git",
+      "source": "https://leap.se/git/nickserver",
+      "revision": "origin/master"
+    },
+    "soledad": {
+      "type": "apt",
+      "package": "soledad-server",
+      "revision": "latest"
+    },
+    "tapicero": {
+      "type": "git",
+      "source": "https://leap.se/git/tapicero",
+      "revision": "origin/version/0.7"
+    },
+    "webapp": {
+      "type": "git",
+      "source": "https://leap.se/git/leap_web",
+      "revision": "origin/version/0.7"
+    }
   }
 }
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 2d0a5886..be8ae484 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -7,7 +7,7 @@
   hsh['domain'] = domain.full_suffix
 
   # advertise services that are 'user services' and for which there are actually nodes
-  hsh['services'] ||= global.env(environment).services[:service_type => :user_service].field(:name).select do |service|
+  hsh['services'] ||= global.services[:service_type => :user_service].field(:name).select do |service|
     nodes_like_me[:services => service].any?
   end
 
diff --git a/provider_base/lib/macros/nodes.rb b/provider_base/lib/macros/nodes.rb
index 0c6668a0..8b961cbc 100644
--- a/provider_base/lib/macros/nodes.rb
+++ b/provider_base/lib/macros/nodes.rb
@@ -15,10 +15,10 @@ module LeapCli
     end
 
     #
-    # grab an environment appropriate provider
+    # simple alias for global.provider
     #
     def provider
-      global.env(@node.environment).provider
+      global.provider
     end
 
     #
diff --git a/provider_base/lib/macros/secrets.rb b/provider_base/lib/macros/secrets.rb
index 51bf3971..8d1feb55 100644
--- a/provider_base/lib/macros/secrets.rb
+++ b/provider_base/lib/macros/secrets.rb
@@ -13,17 +13,17 @@ module LeapCli
     # +length+ is the character length of the generated password.
     #
     def secret(name, length=32)
-      @manager.secrets.set(name, Util::Secret.generate(length), @node[:environment])
+      manager.secrets.set(name, @node.environment) { Util::Secret.generate(length) }
     end
 
     # inserts a base32 encoded secret
     def base32_secret(name, length=20)
-      @manager.secrets.set(name, Base32.encode(Util::Secret.generate(length)), @node[:environment])
+      manager.secrets.set(name, @node.environment) { Base32.encode(Util::Secret.generate(length)) }
     end
 
     # Picks a random obfsproxy port from given range
     def rand_range(name, range)
-      @manager.secrets.set(name, rand(range), @node[:environment])
+      manager.secrets.set(name, @node.environment) { rand(range) }
     end
 
     #
@@ -32,7 +32,7 @@ module LeapCli
     # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4)
     #
     def hex_secret(name, bit_length=128)
-      @manager.secrets.set(name, Util::Secret.generate_hex(bit_length), @node[:environment])
+      manager.secrets.set(name, @node.environment) { Util::Secret.generate_hex(bit_length) }
     end
 
   end
diff --git a/provider_base/provider.json b/provider_base/provider.json
index 77437935..60ad2a9e 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
@@ -42,22 +42,22 @@
     "organizational_unit": "= 'https://' + provider.domain",
     "bit_size": 4096,
     "digest": "SHA256",
-    "life_span": "10y",
+    "life_span": "10 years",
     "server_certificates": {
       "bit_size": 4096,
       "digest": "SHA256",
-      "life_span": "1y"
+      "life_span": "1 years"
     },
     "client_certificates": {
       "bit_size": 2048,
       "digest": "SHA256",
-      "life_span": "2m",
+      "life_span": "2 months",
       "limited_prefix": "LIMITED",
       "unlimited_prefix": "UNLIMITED"
     }
   },
   "client_version": {
-    "min": "0.5",
+    "min": "0.7",
     "max": null
   }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 67744f99..941f4f61 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,14 +1,18 @@
 {
   "webapp": {
     "admins": [],
-    "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"],
+    "forbidden_usernames": [
+      "admin", "admins", "administrator", "administrators", "arin-admin",
+      "certmaster", "contact", "email", "help", "help-desk", "help-ticket",
+      "help-tickets", "help_desk", "help_ticket", "help_tickets", "helpdesk",
+      "helpticket", "helptickets", "info", "mail", "maildrop", "noreply",
+      "owner", "owners", "postmaster", "reply", "robot", "ssladmin", "staff",
+      "support", "tech-support", "tech_support", "techsupport", "ticket",
+      "tickets", "vmail", "www-data"],
     "domain": "= domain.full_suffix",
     "modules": ["user", "billing", "help"],
-    "couchdb_webapp_user": {
-      "username": "= global.services[:couchdb].couch.users[:webapp].username",
-      "password": "= secret :couch_webapp_password",
-      "salt": "= hex_secret :couch_webapp_password_salt, 128"
-    },
+    "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+    "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
     "customization_dir": "= file_path 'webapp'",
     "client_certificates": "= provider.ca.client_certificates",
     "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
@@ -20,10 +24,6 @@
     "secret_token": "= secret :webapp_secret_token",
     "api_version": 1,
     "secure": false,
-    "git": {
-      "source": "https://leap.se/git/leap_web",
-      "revision": "origin/version/0.6"
-    },
     "client_version": "= provider.client_version",
     "nagios_test_user": {
       "username": "nagios_test",
author	Micah Anderson <micah@leap.se>	2015-06-11 12:10:09 -0400
committer	Micah Anderson <micah@leap.se>	2015-06-11 12:10:09 -0400
commit	b429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch)
tree	37efc30a4fcb642dec583c3accea76f7a7de9c39 /provider_base
parent	67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff)
parent	d9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff)